How to scan for machines vulnerable to WannaCrypt / WannaCry ransomware

You’ve patched all your Windows servers and desktop/laptops but what about all the other Windows machines out there that are connected to your network? What about the kioks and Thin Clients and environmental controllers and printer servers, etc? How can you tell if they are patched if you don’t have administrative access to the devices? You can scan your network using a vulnerability scanner. There are many ways to scan your network for machines that are vulnerable to WannaCrypt / WannaCry ransomware but I’ll be talking about using Nmap, a free security scanning tool, in this blog post.

You’ll need the latest version of Nmap v7.40 which you’ll be able to find on Linux (Ubuntu, CentOS, etc) or on Windows thanks to the available binaries for both platforms. I didn’t have any success using Nmap v6.40 which was available via YuM on CentOS 7. So I had to remove Nmap 6.40 (sudo yum erase nmap) and then install the latest RPM version of Nmap which can be found on the downloads page.

If you’re not a Linux guy or gal you can also use the Windows version of Nmap. The installation was pretty straight forward, I had to download the script to the Windows desktop, create a profile, add the script and select a target. In this case I decided to scan my entire home network IP subnet of 192.168.1.0/24 and the Windows version found the same vulnerable Windows XP desktop;